Hi, good people working on SonarQube!
Let me start with saying that I am not an experienced developer of custom rules. I have only developed a few for my own needs. But here I a stuck.
I am developing a custom rule. In that, I am trying to detect and report usage of
sun.awt.CGraphicsDevice.getCGDisplayID() method. Namely, I am failing to detect the classname for the method.
This is a piece of code under the analysis:
new sun.awt.CGraphicsDevice(0).getCGDisplayID(); sun.misc.Unsafe.getUnsafe().defineAnonymousClass(Object.class, new byte, new Object);
This is how I get the classname:
where tree is a
That gives me just
CGraphicsDevice for the first method invocation and not
sun.awt.CGraphicsDevice. It works fine for the following invocations in the code.
The other thing which I happen to notice, which may or may not be related, is that the identifier symbol is not a method symbol:
((MemberSelectExpressionTree)tree.methodSelect()).identifier().symbol().isMethodSymbol() gives me
false for the first method invocation and
true for the latter two method invocations. Also symbol class is
org.sonar.java.model.Symbols$UnknownSymbol for the first invocation and
org.sonar.java.model.JMethodSymbol for the other two.
The only other thing I was able to check, also perhaps irrelevant, is that, at the other end, Eclipse API (
org.eclipse.jdt.core.dom.ASTParser) seems to be giving the same information for all method calls in the code.
Finally, since the method in question is a concealed API, I did try to add appropriate --add-opens, and even --add-exports, none of which helped. I did that for the scanner VM, because that’s where, from what I could understand, the rules code is executed with reflection.
Lastly, you may find that the method in question has been removed in JDK12. I was running all the code with a JDK in which the method still exists.
- Can you advice me how to get the classname for that method (and parameter types).?
– or –
- Can you point me to a piece of code where similar things are done?
– or –
- Can you point me to the code where it is decided if symbol is a JMethodSymbol - from that I may be able to understand what is going on fundamentally.
Really hope you can help!
Thank you very much in advance!
Let me know if more information needed.
This is the mandatory information:
- which versions are you using 22.214.171.124524
- how is SonarQube deployed: zip, Docker, Helm: zip
- what are you trying to achieve: write a custom rule to detect usage of some API
- what have you tried so far to achieve this: debug the code, add debug output, reading API, looking over samples, searching sonar-java source, etc